From 55f968b2c9f34f2650ac7335cf420d4d29f0eef4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 9 Mar 2015 16:23:15 +0000 Subject: [PATCH] Switch renego define from disable to enable --- configs/config-ccm-psk-tls1_2.h | 1 - configs/config-mini-tls1_1.h | 1 - configs/config-psk-rc4-tls1_0.h | 1 - configs/config-suite-b.h | 1 - include/mbedtls/config.h | 9 +++------ include/mbedtls/ssl.h | 5 ----- 6 files changed, 3 insertions(+), 15 deletions(-) diff --git a/configs/config-ccm-psk-tls1_2.h b/configs/config-ccm-psk-tls1_2.h index 3844383b1..7a6e70dc7 100644 --- a/configs/config-ccm-psk-tls1_2.h +++ b/configs/config-ccm-psk-tls1_2.h @@ -19,7 +19,6 @@ /* mbed TLS feature support */ #define POLARSSL_KEY_EXCHANGE_PSK_ENABLED #define POLARSSL_SSL_PROTO_TLS1_2 -#define POLARSSL_SSL_DISABLE_RENEGOTIATION /* mbed TLS modules */ #define POLARSSL_AES_C diff --git a/configs/config-mini-tls1_1.h b/configs/config-mini-tls1_1.h index ab0419359..dc9ee0fc0 100644 --- a/configs/config-mini-tls1_1.h +++ b/configs/config-mini-tls1_1.h @@ -18,7 +18,6 @@ #define POLARSSL_PKCS1_V15 #define POLARSSL_KEY_EXCHANGE_RSA_ENABLED #define POLARSSL_SSL_PROTO_TLS1_1 -#define POLARSSL_SSL_DISABLE_RENEGOTIATION /* mbed TLS modules */ #define POLARSSL_AES_C diff --git a/configs/config-psk-rc4-tls1_0.h b/configs/config-psk-rc4-tls1_0.h index bb82f91e0..b498ae4fa 100644 --- a/configs/config-psk-rc4-tls1_0.h +++ b/configs/config-psk-rc4-tls1_0.h @@ -19,7 +19,6 @@ /* mbed TLS feature support */ #define POLARSSL_KEY_EXCHANGE_PSK_ENABLED #define POLARSSL_SSL_PROTO_TLS1 -#define POLARSSL_SSL_DISABLE_RENEGOTIATION /* mbed TLS modules */ #define POLARSSL_AES_C diff --git a/configs/config-suite-b.h b/configs/config-suite-b.h index 5c58f2535..b565653ba 100644 --- a/configs/config-suite-b.h +++ b/configs/config-suite-b.h @@ -25,7 +25,6 @@ #define POLARSSL_ECP_DP_SECP384R1_ENABLED #define POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED #define POLARSSL_SSL_PROTO_TLS1_2 -#define POLARSSL_SSL_DISABLE_RENEGOTIATION /* mbed TLS modules */ #define POLARSSL_AES_C diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 4cf879eee..143a014c9 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -911,7 +911,7 @@ #define POLARSSL_SSL_CBC_RECORD_SPLITTING /** - * \def POLARSSL_SSL_DISABLE_RENEGOTIATION + * \def POLARSSL_SSL_RENEGOTIATION * * Disable support for TLS renegotiation. * @@ -921,12 +921,9 @@ * it has been associated with security issues in the past and is easy to * misuse/misunderstand. * - * Warning: in the next stable branch, this switch will be replaced by - * POLARSSL_SSL_RENEGOTIATION to enable support for renegotiation. - * - * Uncomment this to disable support for renegotiation. + * Comment this to disable support for renegotiation. */ -//#define POLARSSL_SSL_DISABLE_RENEGOTIATION +#define POLARSSL_SSL_RENEGOTIATION /** * \def POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index b4a70856f..e537fdb25 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -30,11 +30,6 @@ #include POLARSSL_CONFIG_FILE #endif -/* Temporary compatibility trick for the current stable branch */ -#if !defined(POLARSSL_SSL_DISABLE_RENEGOTIATION) -#define POLARSSL_SSL_RENEGOTIATION -#endif - #include "net.h" #include "bignum.h" #include "ecp.h"